I think there is a bug with UDP / netflow:
My conf:
input {
  udp {
    port => 9556
    codec => netflow {
      versions => [5, 9]
      target => "nf"
    }
    type => "netflow"
  }
}
In all cases I receive the flow.
First case:
When my ELK server can’t communicate with my network equipment, but I can
see the netflow on its network interface with tcpdump, I have no data
processed.
Second case:
When my ELK server can communicate with my network equipment, and I
can see the netflow on its network interface with tcpdump, I have data
processed.
It does not mean anything; with UDP there is no communication as in TCP.